IDG News Service >
 

BitTorrent develops secure, decentralized chat program using public-key crypto

o Lucian Constantin
20.12.2013 kl 17:17 | IDG News Service\Romania Bureau

BitTorrent, the company behind the popular file sharing protocol with the same name, is developing a secure chat application that will encrypt all communications between users and won't use any central server to route messages.

 

BitTorrent, the company behind the popular file sharing protocol with the same name, is developing a secure chat application that will encrypt all communications between users and won't use any central server to route messages.

The company announced that it planned to develop the secure messaging product, called BitTorrent Chat, in September. However, at that time there were no technical details available about it's possible implementation.

The product is still far from a stable release, but the BitTorrent developers have made progress since the original announcement and revealed more about the program's architecture in a series of blog posts Thursday.

The most fundamental difference compared to many existing chat programs is that BitTorrent Chat won't rely on a central server to deliver messages from the sender to their recipients. The encryption will be done directly among clients, not between the clients and a server.

Chat applications that rely on centralized, cloud-based servers are vulnerable to hackers or "NSA's dragnet surveillance sweeps," Christian Averill, BitTorrent's director of communications said in a blog post. "While we're hearing legislative calls to curb domestic spying, and corporate assurances regarding user privacy, we can't rely on these systems. Statements like 'just because we can, doesn't mean we should' don't guarantee user privacy."

In the absence of a central server to route messages between users, BitTorrent Chat users will find each other through the same mechanism that many BitTorrent clients use to locate file-sharing peers -- a Distributed Hash Table (DHT).

"In essence, the DHT is a web of peers cooperating," Abraham Goldoor, a software engineer on the BitTorrent Chat team explained in a separate blog post. "You ask your closest neighbor if they know of the person you are looking for. You then ask their neighbors, and their neighbors' neighbors, and so on. Eventually, you'll get to a peer (neighbor) who knows the address of the person you're looking for. They return this address to you. This is done in such a way that only you know who you are looking for."

In order to accommodate BitTorrent Chat's requirements, the DHT protocol itself has been updated to support encryption.

With BitTorrent Chat users will be identified by their public keys, which is part of a public-private key pair used for encrypted communications. Two users only need to exchange their public keys with each other to be able to chat securely.

Since there will be no traditional usernames and users will be identified by their keys, the infrastructure will also provide some level of anonymity.

However, even when used directly between users and not between users and a central server, public-key-based encryption does not protect against all types of attacks. For example, in most common implementations, if a private key is stolen, it can be used to decrypt all past and future messages encrypted with its corresponding public key.

To counter that, the BitTorrent Chat developers will implement a cryptographic feature known as forward secrecy. "Every time you begin a conversation with one of your contacts, a temporary encryption key will be generated," Goldoor said. "Using each of your keypairs, this key will be generated for this one conversation and that conversation only, and then deleted forever."

BitTorrent Chat is still in alpha stages of development, but users can apply to become early testers.

Keywords: Security  Internet-based applications and services  
Latest news from IDG News Service
Latest news from IDG News Service

Copyright 2009 IDG Magazines Norge AS. All rights reserved

Postboks 9090 Grønland - 0133 OSLO / online@idg.no / Telefon 22053000

Ansvarlig redaktør Morten Kristiansen / Utviklingsansvarlig Ulf H. Helland / Salgsdirektør Jon Thore Thorstensen